@sanctuary-framework/mcp-server 1.1.1 → 1.1.3

package/dist/index.cjs

@@ -21,7 +21,7 @@ var url = require('url');
 var index_js = require('@modelcontextprotocol/sdk/client/index.js');
 var stdio_js = require('@modelcontextprotocol/sdk/client/stdio.js');
 var sse_js = require('@modelcontextprotocol/sdk/client/sse.js');
-require('readline/promises');
+var promises$1 = require('readline/promises');
 
 var _documentCurrentScript = typeof document !== 'undefined' ? document.currentScript : null;
 var __defProp = Object.defineProperty;
@@ -11141,6 +11141,20 @@ async function handleRequest(deps, req, res) {
   const url = new URL(req.url ?? "/", `http://${host}`);
   const method = (req.method ?? "GET").toUpperCase();
   const path = url.pathname;
+  if (deps.v11Bindings) {
+    const handled = await dispatchV11Request(
+      {
+        bindings: deps.v11Bindings,
+        ...deps.authToken !== void 0 ? { authToken: deps.authToken } : {},
+        loopbackAutoAuth: deps.loopbackAutoAuth ?? false
+      },
+      req,
+      res,
+      url,
+      method
+    );
+    if (handled) return true;
+  }
   if (!isAuthorized(deps, req, url)) {
     writeJSON(res, 401, { error: "unauthorized" });
     return true;
@@ -12770,6 +12784,47 @@ function handleDashboardV11Route(deps, req, res) {
   return true;
 }
 
+// src/dashboard/v1_1/dispatch.ts
+async function dispatchV11Request(inputs, req, res, url, method) {
+  const { bindings, authToken, loopbackAutoAuth } = inputs;
+  if (method === "GET" && (url.pathname === "/v1.1" || url.pathname === "/v1.1/")) {
+    return handleDashboardV11Route(
+      {
+        identityId: bindings.identityId,
+        fortressId: bindings.fortressId,
+        ...authToken !== void 0 ? { authToken } : {}
+      },
+      req,
+      res
+    );
+  }
+  if (url.pathname.startsWith("/api/hub/")) {
+    const authConfig = {
+      loopbackAutoAuth,
+      ...authToken !== void 0 ? { authToken } : {}
+    };
+    return handleHubRoute(
+      { authConfig, service: bindings.hubService },
+      req,
+      res
+    );
+  }
+  if (method === "GET" && url.pathname === "/api/identities") {
+    const authConfig = {
+      loopbackAutoAuth,
+      ...authToken !== void 0 ? { authToken } : {}
+    };
+    const aliasReq = Object.create(req);
+    aliasReq.url = "/api/hub/agents" + url.search;
+    return handleHubRoute(
+      { authConfig, service: bindings.hubService },
+      aliasReq,
+      res
+    );
+  }
+  return false;
+}
+
 // src/principal-policy/dashboard.ts
 var SESSION_TTL_REMOTE_MS = 5 * 60 * 1e3;
 var SESSION_TTL_LOCAL_MS = 24 * 60 * 60 * 1e3;
@@ -12896,45 +12951,17 @@ var DashboardApprovalChannel = class {
    */
   async dispatchV11(req, res, url, method) {
     if (!this.v11Bindings) return false;
-    if (method === "GET" && (url.pathname === "/v1.1" || url.pathname === "/v1.1/")) {
-      const handled = handleDashboardV11Route(
-        {
-          identityId: this.v11Bindings.identityId,
-          fortressId: this.v11Bindings.fortressId,
-          ...this.authToken !== void 0 ? { authToken: this.authToken } : {}
-        },
-        req,
-        res
-      );
-      return handled;
-    }
-    if (url.pathname.startsWith("/api/hub/")) {
-      const authConfig = {
-        loopbackAutoAuth: this._autoAuthLocalhost,
-        ...this.authToken !== void 0 ? { authToken: this.authToken } : {}
-      };
-      const handled = await handleHubRoute(
-        { authConfig, service: this.v11Bindings.hubService },
-        req,
-        res
-      );
-      return handled;
-    }
-    if (method === "GET" && url.pathname === "/api/identities") {
-      const authConfig = {
-        loopbackAutoAuth: this._autoAuthLocalhost,
-        ...this.authToken !== void 0 ? { authToken: this.authToken } : {}
-      };
-      const aliasReq = Object.create(req);
-      aliasReq.url = "/api/hub/agents" + url.search;
-      const handled = await handleHubRoute(
-        { authConfig, service: this.v11Bindings.hubService },
-        aliasReq,
-        res
-      );
-      return handled;
-    }
-    return false;
+    return dispatchV11Request(
+      {
+        bindings: this.v11Bindings,
+        ...this.authToken !== void 0 ? { authToken: this.authToken } : {},
+        loopbackAutoAuth: this._autoAuthLocalhost
+      },
+      req,
+      res,
+      url,
+      method
+    );
   }
   /**
    * v0.10.2: enable (or disable) the loopback auto-auth fast path. See
@@ -26331,14 +26358,41 @@ function createComplianceTools(deps) {
 init_random();
 init_encoding();
 var RECOVERY_KEY_FILENAME = "recovery-key.txt";
-function printRecoveryKeyBanner(recoveryKey, filePath, output = process.stderr) {
+var RECOVERY_KEY_COPY = {
+  fileName: RECOVERY_KEY_FILENAME,
+  bannerHeader: "SANCTUARY: First Run, Recovery Key Generated",
+  bannerSecretLabel: "Recovery Key",
+  bannerSaveLine: "SAVE THIS KEY. It will not be shown again.",
+  bannerLossLine: "Without it, your encrypted state is unrecoverable.",
+  fileWarningHeader: "SANCTUARY RECOVERY KEY, DO NOT COMMIT, DO NOT EMAIL, MOVE OFF-HOST IMMEDIATELY.",
+  fileSecretLabel: "Recovery key:",
+  fileBody: "This file was created on first init. Sanctuary will NOT regenerate this file on\nsubsequent runs and will NOT display the key again. After moving this file off\nthe host (encrypted backup, password manager, paper safe), delete it from the\nfortress directory. Do NOT keep it in the fortress; the recovery key bypasses\nthe cocoon passphrase by design.\n",
+  promptLabel: "recovery key"
+};
+var RecoveryKeyConfirmationDeclinedError = class extends Error {
+  constructor() {
+    super(
+      "Recovery key confirmation declined. Save the recovery key (printed above and written to recovery-key.txt) before re-running init."
+    );
+    this.name = "RecoveryKeyConfirmationDeclinedError";
+  }
+};
+var RecoveryKeyConfirmationNonInteractiveError = class extends Error {
+  constructor() {
+    super(
+      "Recovery key confirmation requires an interactive terminal. Re-run with --no-confirm for CI/scripted use, or run from a TTY."
+    );
+    this.name = "RecoveryKeyConfirmationNonInteractiveError";
+  }
+};
+function printSecretBanner(secret, filePath, copy, output = process.stderr) {
   const lines = [
-    "SANCTUARY: First Run, Recovery Key Generated",
+    copy.bannerHeader,
     "",
-    `Recovery Key: ${recoveryKey}`,
+    `${copy.bannerSecretLabel}: ${secret}`,
     "",
-    "SAVE THIS KEY. It will not be shown again.",
-    "Without it, your encrypted state is unrecoverable.",
+    copy.bannerSaveLine,
+    copy.bannerLossLine,
     "",
     "Plaintext copy written to:",
     `  ${filePath}`,
@@ -26357,8 +26411,8 @@ ${bottom}
 
 `);
 }
-async function writeRecoveryKeyFile(opts) {
-  const filePath = path.join(opts.storagePath, RECOVERY_KEY_FILENAME);
+async function writeSecretFile(opts) {
+  const filePath = path.join(opts.storagePath, opts.copy.fileName);
   try {
     await promises.access(filePath, promises.constants.F_OK);
     return { filePath, written: false };
@@ -26368,40 +26422,76 @@ async function writeRecoveryKeyFile(opts) {
   const now = (opts.now ?? (() => /* @__PURE__ */ new Date()))().toISOString();
   const fortressLine = opts.fortressId ? `Fortress: ${opts.fortressId}
 ` : "";
-  const content = `SANCTUARY RECOVERY KEY \u2014 DO NOT COMMIT, DO NOT EMAIL, MOVE OFF-HOST IMMEDIATELY.
+  const content = `${opts.copy.fileWarningHeader}
 Generated: ${now}
 ` + fortressLine + `
-Recovery key:
-${opts.recoveryKey}
-
-This file was created on first init. Sanctuary will NOT regenerate this file on
-subsequent runs and will NOT display the key again. After moving this file off
-the host (encrypted backup, password manager, paper safe), delete it from the
-fortress directory. Do NOT keep it in the fortress; the recovery key bypasses
-the cocoon passphrase by design.
-`;
+${opts.copy.fileSecretLabel}
+${opts.secret}
+
+` + opts.copy.fileBody;
   await promises.writeFile(filePath, content, { mode: 384 });
   return { filePath, written: true };
 }
-async function discloseRecoveryKey(opts) {
-  const fileResult = await writeRecoveryKeyFile({
+async function confirmSecretSaved(copy, declinedError, nonInteractiveError, io) {
+  const input = io?.input ?? process.stdin;
+  const output = io?.output ?? process.stderr;
+  const realStdin = !io && process.stdin.isTTY !== true;
+  if (realStdin) {
+    throw new nonInteractiveError();
+  }
+  const rl = promises$1.createInterface({ input, output });
+  try {
+    const answer = await rl.question(
+      `Have you saved the ${copy.promptLabel}? [y/N] `
+    );
+    const normalized = answer.trim().toLowerCase();
+    if (normalized !== "y" && normalized !== "yes") {
+      throw new declinedError();
+    }
+  } finally {
+    rl.close();
+  }
+}
+async function discloseSecret(opts, copy, declinedError, nonInteractiveError) {
+  const mode = opts.mode ?? "interactive";
+  const writeOpts = {
     storagePath: opts.storagePath,
-    recoveryKey: opts.recoveryKey,
-    ...opts.fortressId !== void 0 ? { fortressId: opts.fortressId } : {},
-    ...opts.now !== void 0 ? { now: opts.now } : {}
-  });
-  printRecoveryKeyBanner(
-    opts.recoveryKey,
-    fileResult.filePath,
-    opts.io?.output
-  );
-  {
+    secret: opts.secret,
+    copy
+  };
+  if (opts.fortressId !== void 0) writeOpts.fortressId = opts.fortressId;
+  if (opts.now !== void 0) writeOpts.now = opts.now;
+  const fileResult = await writeSecretFile(writeOpts);
+  printSecretBanner(opts.secret, fileResult.filePath, copy, opts.io?.output);
+  if (mode === "no-confirm" || mode === "stdio-server") {
     return {
       filePath: fileResult.filePath,
       fileWritten: fileResult.written,
       confirmed: false
     };
   }
+  await confirmSecretSaved(copy, declinedError, nonInteractiveError, opts.io);
+  return {
+    filePath: fileResult.filePath,
+    fileWritten: fileResult.written,
+    confirmed: true
+  };
+}
+async function discloseRecoveryKey(opts) {
+  const internalOpts = {
+    secret: opts.recoveryKey,
+    storagePath: opts.storagePath
+  };
+  if (opts.fortressId !== void 0) internalOpts.fortressId = opts.fortressId;
+  if (opts.mode !== void 0) internalOpts.mode = opts.mode;
+  if (opts.now !== void 0) internalOpts.now = opts.now;
+  if (opts.io !== void 0) internalOpts.io = opts.io;
+  return discloseSecret(
+    internalOpts,
+    RECOVERY_KEY_COPY,
+    RecoveryKeyConfirmationDeclinedError,
+    RecoveryKeyConfirmationNonInteractiveError
+  );
 }
 
 // src/hub/agent-registry.ts
@@ -28823,14 +28913,18 @@ async function startDashboardServer(options) {
       }
     }
   };
-  const deps = {
-    sources: options.sources,
-    authToken: options.authToken,
-    approvals: options.approvals,
-    onEvent
-  };
+  let v11Bindings = null;
+  let v11LoopbackAutoAuth = false;
   const server = http.createServer(async (req, res) => {
     try {
+      const deps = {
+        sources: options.sources,
+        authToken: options.authToken,
+        approvals: options.approvals,
+        onEvent,
+        v11Bindings,
+        loopbackAutoAuth: v11LoopbackAutoAuth
+      };
       const served = await handleRequest(deps, req, res);
       if (!served) {
         res.writeHead(404, { "Content-Type": "application/json" });
@@ -28868,7 +28962,13 @@ async function startDashboardServer(options) {
     publishActivity: (entry) => publish({ type: "activity", data: entry }),
     publishApproval: (approval) => publish({ type: "approval", data: approval }),
     publishInbox: (item) => publish({ type: "inbox", data: item }),
-    publishAgentStatus: (snapshot) => publish({ type: "agent_status", data: snapshot })
+    publishAgentStatus: (snapshot) => publish({ type: "agent_status", data: snapshot }),
+    setV11Bindings: (bindings) => {
+      v11Bindings = bindings;
+    },
+    setV11LoopbackAutoAuth: (enabled) => {
+      v11LoopbackAutoAuth = enabled;
+    }
   };
 }
 
@@ -29531,7 +29631,9 @@ Refusing to start the cocoon while the reset-history marker is unreadable.`
   if (recoveryKey) {
     await discloseRecoveryKey({
       recoveryKey,
-      storagePath: config.storage_path});
+      storagePath: config.storage_path,
+      mode: "stdio-server"
+    });
   }
   return {
     server,